Add secure_erase function to clear secrets
Signed-off-by: Harshil Jani <[email protected]>
Harshil-Jani committed Feb 22, 2023
1 parent f587617 commit 27674f4
Showing 3 changed files with 34 additions and 14 deletions.
23 changes: 15 additions & 8 deletions examples/ecdh.c
Expand Up @@ -16,14 +16,21 @@

#include "random.h"

void secure_erase(void *buf, size_t size) {
volatile char *vbuf = (volatile char *)buf;
size_t i;
for (i = 0; i < size; ++i) {
vbuf[i] = 0;
}
}

int main(void) {
volatile unsigned char seckey1[32];
volatile unsigned char seckey2[32];
unsigned char seckey1[32];
unsigned char seckey2[32];
unsigned char compressed_pubkey1[33];
unsigned char compressed_pubkey2[33];
volatile unsigned char shared_secret1[32];
volatile unsigned char shared_secret2[32];
unsigned char shared_secret1[32];
unsigned char shared_secret2[32];
unsigned char randomize[32];
int return_val;
size_t len;
Expand Down Expand Up @@ -114,10 +121,10 @@ int main(void) {
*
* Here we are preventing these writes from being optimized out, as any good compiler
* will remove any writes that aren't used. */
memset(seckey1, 0, sizeof(seckey1));
memset(seckey2, 0, sizeof(seckey2));
memset(shared_secret1, 0, sizeof(shared_secret1));
memset(shared_secret2, 0, sizeof(shared_secret2));
secure_erase(seckey1,sizeof(seckey1));
secure_erase(seckey2,sizeof(seckey2));
secure_erase(shared_secret1,sizeof(shared_secret1));
secure_erase(shared_secret2,sizeof(shared_secret2));

return 0;
}
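Review bot: `secure_erase` at the top of the first hunk is defined with external linkage, carries no comment, and the identical definition is repeated in examples/ecdsa.c and examples/schnorr.c in this same commit; all three files already include the shared `random.h`, so a single `static void secure_erase(void *buf, size_t size)` there (or in a small helper header beside it) would remove the duplication and the missing-prototype warning a non-static definition without a declaration tends to draw. Wherever it ends up, the rationale that now sits only above the call sites belongs on the function itself, e.g. `/* Zero buf through a volatile pointer so the compiler may not drop the stores as dead writes to a buffer that is never read again. Copies the compiler spilled to the stack or kept in registers are not covered. */`. `size_t` also needs `<stddef.h>` or `<string.h>` in scope; the include list is above the hunk, so that cannot be confirmed from here.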
12 changes: 9 additions & 3 deletions examples/ecdsa.c
Expand Up @@ -15,7 +15,13 @@

#include "random.h"


void secure_erase(void *buf, size_t size) {
volatile char *vbuf = (volatile char *)buf;
size_t i;
for (i = 0; i < size; ++i) {
vbuf[i] = 0;
}
}

int main(void) {
/* Instead of signing the message directly, we must sign a 32-byte hash.
Expand All @@ -29,7 +35,7 @@ int main(void) {
0x61, 0x2B, 0x1F, 0xCE, 0x77, 0xC8, 0x69, 0x34,
0x5B, 0xFC, 0x94, 0xC7, 0x58, 0x94, 0xED, 0xD3,
};
volatile unsigned char seckey[32];
unsigned char seckey[32];
unsigned char randomize[32];
unsigned char compressed_pubkey[33];
unsigned char serialized_signature[64];
Expand Down Expand Up @@ -127,7 +133,7 @@ int main(void) {
*
* Here we are preventing these writes from being optimized out, as any good compiler
* will remove any writes that aren't used. */
memset(seckey, 0, sizeof(seckey));
secure_erase(seckey,sizeof(seckey));

return 0;
}
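Review bot: The retained comment just above the new `secure_erase(seckey,sizeof(seckey));` call still says "Here we are preventing these writes from being optimized out", but with the mechanism moved into a helper defined a hundred lines earlier the reader no longer sees how; it would help to name it at the call site: `/* secure_erase writes through a volatile pointer, so the compiler may not elide these stores even though seckey is never read again. */`. The same helper definition in the first hunk should carry a one-line purpose comment and, presumably, `static`, since it is file-local to this example (the other two examples in this commit define their own copy). The body of `main` starts and continues outside the hunks shown.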
13 changes: 10 additions & 3 deletions examples/schnorr.c
Expand Up @@ -17,11 +17,19 @@

#include "random.h"

void secure_erase(void *buf, size_t size) {
volatile char *vbuf = (volatile char *)buf;
size_t i;
for (i = 0; i < size; ++i) {
vbuf[i] = 0;
}
}

int main(void) {
unsigned char msg[12] = "Hello World!";
unsigned char msg_hash[32];
unsigned char tag[17] = "my_fancy_protocol";
volatile unsigned char seckey[32];
unsigned char seckey[32];
unsigned char randomize[32];
unsigned char auxiliary_rand[32];
unsigned char serialized_pubkey[32];
Expand Down Expand Up @@ -142,7 +150,6 @@ int main(void) {
*
* Here we are preventing these writes from being optimized out, as any good compiler
* will remove any writes that aren't used. */
memset(seckey, 0, sizeof(seckey));

secure_erase(seckey,sizeof(seckey));
return 0;
}
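Review bot: In the second hunk the blank line that used to separate the erase from `return 0;` was kept above the new call instead, so `secure_erase(seckey,sizeof(seckey));` now abuts `return 0;` with an empty line between the explanatory comment and the code it explains, unlike examples/ecdh.c and examples/ecdsa.c in this same commit; move the blank line below the call so the three examples read alike. All call sites also omit the space after the comma; `secure_erase(seckey, sizeof(seckey));` matches the spacing used elsewhere in these files (e.g. the `memset` calls being replaced). The body of `main` begins and continues outside the hunks shown.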
